delete account & admin change account password

Author: Tkaixiang

api/api.js

@@ -145,29 +145,29 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 
 	// (2) Insert Validation
 	try {
-		await db.command({collMod: "users", validator: validators.users})
-		await db.command({collMod: "transactions", validator: validators.transactions})
-		await db.command({collMod: "challs", validator: validators.challs})
+		await db.command({ collMod: "users", validator: validators.users })
+		await db.command({ collMod: "transactions", validator: validators.transactions })
+		await db.command({ collMod: "challs", validator: validators.challs })
 		console.log("Validation inserted")
 	}
-	catch (e) {console.error(e)}
+	catch (e) { console.error(e) }
 
 	// (3) Create Indexes
 	if ((await collections.users.indexes()).length === 1) {
 		// Users indexes
-		collections.users.createIndex({"username": 1}, {unique: true, name: "username"})
-		collections.users.createIndex({"email": 1}, {unique: true, name: "email"})
+		collections.users.createIndex({ "username": 1 }, { unique: true, name: "username" })
+		collections.users.createIndex({ "email": 1 }, { unique: true, name: "email" })
 		console.log("Users indexes created")
 	}
 	if ((await collections.challs.indexes()).length === 1) {
 		// Challs indexes
-		collections.challs.createIndex({"category": 1, "visibility": 1}, {name: "catvis"})
-		collections.challs.createIndex({"name": 1}, {unique: true, name: "name"})
+		collections.challs.createIndex({ "category": 1, "visibility": 1 }, { name: "catvis" })
+		collections.challs.createIndex({ "name": 1 }, { unique: true, name: "name" })
 		console.log("Challs indexes created")
 	}
 	if ((await collections.transactions.indexes()).length === 1) {
 		// Transcations indexes
-		collections.transactions.createIndex({"author" : 1, "challenge" : 1, "type" : 1}, {name: "userchall"})
+		collections.transactions.createIndex({ "author": 1, "challenge": 1, "type": 1 }, { name: "userchall" })
 		console.log("Transcations indexes created")
 	}
 
@@ -368,6 +368,8 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 				res.send({ success: true });
 			}
 			else {
+				const user = await collections.users.findOne({ username: userToDelete }, { projection: { password: 1, _id: 0 } });
+				if (!(await argon2.verify(user.password, req.body.password))) return res.send({success: false, error: "wrong-pass"})
 				if ((await collections.users.deleteOne({ username: userToDelete.toLowerCase() })).deletedCount == 0) {
 					res.status(400);
 					res.send({
@@ -478,6 +480,31 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 			errors(err, res);
 		}
 	});
+	app.post('/v1/account/adminChangePassword', async (req, res) => {
+		try {
+			if (req.headers.authorization == undefined) throw new Error('MissingToken');
+			const username = signer.unsign(req.headers.authorization);
+			if (await checkPermissions(username) < 2) throw new Error('Permissions');
+			if (req.body.password == '') throw new Error('EmptyPassword');
+			await collections.users.updateOne(
+				{ username: req.body.username },
+				{ '$set': { password: await argon2.hash(req.body.password) } }
+			);
+			res.send({ success: true });
+		}
+		catch (err) {
+			switch (err.message) {
+				case 'EmptyPassword':
+					res.status(400);
+					res.send({
+						success: false,
+						error: 'empty-password'
+					});
+					return;
+			}
+			errors(err, res);
+		}
+	});
 	app.get('/v1/announcements/list/:version', async (req, res) => {
 		try {
 			if (req.headers.authorization == undefined) throw new Error('MissingToken');
@@ -1413,7 +1440,7 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 	//websocket methods
 	wss.on('connection', (socket) => {
 		socket.isAlive = true
-		socket.on('pong', () => {socket.isAlive = true}); // check for any clients that dced without informing the server
+		socket.on('pong', () => { socket.isAlive = true }); // check for any clients that dced without informing the server
 
 		socket.on("message", async (msg) => {
 			const data = JSON.parse(msg)
@@ -1430,31 +1457,31 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 					return socket.terminate()
 				}
 				socket.isAuthed = true
-				
+
 				if (payload.lastChallengeID < cache.latestSolveSubmissionID) {
-					const challengesToBeSent = await collections.transactions.find(null, {projection: {_id: 0, author: 1, timestamp: 1, points: 1 }}).sort({$natural:-1}).limit(cache.latestSolveSubmissionID-payload.lastChallengeID).toArray();
-					socket.send(JSON.stringify({type: "init", data: challengesToBeSent, lastChallengeID: cache.latestSolveSubmissionID}))
+					const challengesToBeSent = await collections.transactions.find(null, { projection: { _id: 0, author: 1, timestamp: 1, points: 1 } }).sort({ $natural: -1 }).limit(cache.latestSolveSubmissionID - payload.lastChallengeID).toArray();
+					socket.send(JSON.stringify({ type: "init", data: challengesToBeSent, lastChallengeID: cache.latestSolveSubmissionID }))
 				}
-				else socket.send(JSON.stringify({type: "init", data: "up-to-date"}))
+				else socket.send(JSON.stringify({ type: "init", data: "up-to-date" }))
 			}
 		})
 	})
 
 	// check for any clients that dced without informing the server
 	const interval = setInterval(function ping() {
 		wss.clients.forEach(function each(ws) {
-		  if (ws.isAlive === false)  return ws.terminate();
-	  
-		  ws.isAlive = false;
-		  ws.ping();
+			if (ws.isAlive === false) return ws.terminate();
+
+			ws.isAlive = false;
+			ws.ping();
 		});
-	  }, 30000);
+	}, 30000);
 
 	wss.on('close', function close() {
 		clearInterval(interval);
-	  });
+	});
+
 
-	
 
 
 }).catch(err => {

client/public/index.html

@@ -5,7 +5,7 @@
   <meta charset="utf-8" />
   <link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
   <script>
-    window.production = true
+    window.production = false
     window.ipAddress = window.production ? "https://api.irscybersec.tk" : "http://localhost:20001"
 
     const startEruda = () => {

client/src/App.js

@@ -318,7 +318,7 @@ class App extends React.Component {
                                     <Route exact path='/Scoreboard' render={(props) => <Scoreboard {...props} transition={style} />} />
 
                                     <Route exact path='/Profile' render={(props) => <Profile {...props} transition={style} username={this.state.username} key={window.location.pathname} />} />
-                                    <Route exact path='/Settings' render={(props) => <Settings {...props} transition={style} username={this.state.username} key={window.location.pathname} />} />
+                                    <Route exact path='/Settings' render={(props) => <Settings {...props} transition={style} logout={this.handleLogout.bind(this)} username={this.state.username} key={window.location.pathname} />} />
                                     <Route exact path='/Profile/:user' render={(props) => <Profile {...props} transition={style} username={this.state.username} key={window.location.pathname} />} />
 
 

client/src/Settings.js

@@ -1,9 +1,10 @@
 import React from 'react';
-import { Layout, message, Avatar, Button, Form, Input, Divider, Upload } from 'antd';
+import { Layout, message, Avatar, Button, Form, Input, Divider, Upload, Modal } from 'antd';
 import {
     KeyOutlined,
     LockOutlined,
-    UploadOutlined
+    UploadOutlined,
+    DeleteOutlined
 } from '@ant-design/icons';
 import './App.min.css';
 
@@ -99,13 +100,71 @@ const ChangePasswordForm = (props) => {
     );
 }
 
+const DeleteAccountForm = (props) => {
+    const [form] = Form.useForm();
+
+    return (
+        <Form
+            form={form}
+            name="changePassword"
+            className="change-password-form"
+            onFinish={(values) => {
+
+                fetch(window.ipAddress + "/v1/account/delete", {
+                    method: 'post',
+                    headers: { 'Content-Type': 'application/json', "Authorization": localStorage.getItem("IRSCTF-token") },
+                    body: JSON.stringify({
+                        "password": values.password
+                    })
+                }).then((results) => {
+                    return results.json(); //return data in JSON (since its JSON data)
+                }).then((data) => {
+                    if (data.success === true) {
+                        message.success({ content: "Account deleted successfully" })
+                        props.setState({deleteAccountModal: false})
+                        props.logout()
+                        form.resetFields()
+                    }
+                    else if (data.error === "wrong-password") {
+                        message.error({ content: "Password is incorrect. Please try again." })
+                    }
+                    else {
+                        message.error({ content: "Oops. Unknown error." })
+                    }
+
+                }).catch((error) => {
+                    console.log(error)
+                    message.error({ content: "Oops. There was an issue connecting with the server" });
+                })
+            }}
+            style={{ display: "flex", flexDirection: "column", justifyContent: "center", width: "100%", marginBottom: "2vh" }}
+        >
+            <h4>Your account data will be <b style={{color: "#d32029"}}>deleted permanently</b>. Please ensure you really no longer want this account.</h4>
+            <h3>Please Enter Your Password To Confirm:</h3>
+            <Form.Item
+                name="password"
+                rules={[{ required: true, message: 'Please input your password', }]}>
+
+                <Input.Password allowClear prefix={<LockOutlined />} placeholder="Enter password." />
+            </Form.Item>
+            
+
+            <Form.Item>
+            <Button style={{ marginRight: "1.5vw" }} onClick={() => { props.setState({ deleteAccountModal: false }) }}>Cancel</Button>
+                <Button type="primary" htmlType="submit" danger icon={<KeyOutlined />}>Delete Account</Button>
+            </Form.Item>
+        </Form>
+    );
+}
+
 class Settings extends React.Component {
 
     constructor(props) {
         super(props);
         this.state = {
             fileList: [],
-            disableUpload: false
+            disableUpload: false,
+            deleteAccountModal: false
         }
     }
 
@@ -116,10 +175,23 @@ class Settings extends React.Component {
     render() {
         return (
             <Layout className="layout-style">
+
+                <Modal
+                    title={"Delete Account"}
+                    visible={this.state.deleteAccountModal}
+                    footer={null}
+                    onCancel={() => { this.setState({ deleteAccountModal: false }) }}
+                    confirmLoading={this.state.modalLoading}
+                >
+
+                    <DeleteAccountForm logout={this.props.logout.bind(this)} setState={this.setState.bind(this)} />
+                </Modal>
+
+
                 <Divider />
                 <div style={{ display: "flex", marginRight: "5ch", alignItems: "center", justifyItems: "center" }}>
                     <div style={{ display: "flex", flexDirection: "column", justifyContent: "initial", width: "15ch", overflow: "hidden" }}>
-                        <Avatar style={{ backgroundColor: "transparent", width: "12ch", height: "12ch" }} size='large' src={"https://api.irscybersec.tk/uploads/profile/" + this.props.username + ".webp"}/>
+                        <Avatar style={{ backgroundColor: "transparent", width: "12ch", height: "12ch" }} size='large' src={"https://api.irscybersec.tk/uploads/profile/" + this.props.username + ".webp"} />
                         <div style={{ marginTop: "2ch" }}>
                             <Upload
                                 fileList={this.state.fileList}
@@ -128,19 +200,19 @@ class Settings extends React.Component {
                                 action={window.ipAddress + "/v1/profile/upload"}
                                 maxCount={1}
                                 onChange={(file) => {
-                                    this.setState({fileList: file.fileList})
+                                    this.setState({ fileList: file.fileList })
                                     if (file.file.status === "uploading") {
-                                        this.setState({disableUpload: true})
+                                        this.setState({ disableUpload: true })
                                     }
                                     else if ("response" in file.file) {
                                         if (file.file.response.success) message.success("Uploaded profile picture")
                                         else {
                                             message.error("Failed to upload profile picture")
                                             if (file.file.response.error === "too-large") {
-                                                message.info("Please upload a file smaller than " + file.file.response.size.toString() + "Bytes." )
+                                                message.info("Please upload a file smaller than " + file.file.response.size.toString() + "Bytes.")
                                             }
                                         }
-                                        this.setState({fileList: [], disableUpload: false})
+                                        this.setState({ fileList: [], disableUpload: false })
                                     }
                                 }}
                                 headers={{ "Authorization": localStorage.getItem("IRSCTF-token") }}
@@ -167,6 +239,12 @@ class Settings extends React.Component {
                 </div>
 
                 <Divider />
+
+                <div>
+                    <h3>Very Very Dangerous Button</h3>
+                    <Button danger type="primary" icon={<DeleteOutlined />} onClick={() => {this.setState({deleteAccountModal: true})}} >Delete Account</Button>
+                    <p>You will be asked to key in your password to confirm</p>
+                </div>
             </Layout>
         )
     }